Feeds

Google throws a bone to privacy watchdogs

Will keep your data for 18 months

Combat fraud and increase customer satisfaction

Google is cutting back the time it holds user-identifying data - a little. But will this be enough to placate privacy advocates?

The search giant is to scrub personally identifying information after 18 months, compared with the limit of 18 months to two years it set out in March.

Google's Global Privacy Counsel Peter Fleischer announced the revised policy in a June 10 letter addressed to the head of a European Union working group that recently called on Google to justify why it needed to store personally identifiable information for as long as two years. The Article 29 Data Protection Working Party had also requested Google provide more details about how it planned to anonymize data.

"After considering the Working Party's concerns, we are announcing a new policy: to anonymize our search server logs after 18 months, rather than the previously-established period of 18-to-24 months," Fleischer wrote in an accompanying blog entry. But lest Google critics take to spontaneous dancing in the streets, Fleischer warned "that future data retention laws may obligate us to raise the retention period to 24 months".

If it sounds like Google is tip-toeing through a mine field, it's because the company has come under fierce attack by privacy advocates. Recently, Privacy International, a UK-based privacy watchdog, ranked Google's privacy practices last among major internet service companies. And a chorus of critics have formally complained to the Federal Trade Commission that Google's proposed acquisition of DoubleClick, the biggest online ad server company, would create a repository of consumer information so vast it would be ripe for abuse by Google, its partners and government agents.

To hear Fleischer tell it, Google is walking the razor-thin line between security, innovation and compliance on the one side and privacy on the other. While a decision not to collect personal information at all would warm the hearts of even the most jaded privacy advocates, it would hamper other important objectives, he says. Among them is internet security and enforcement of child protection laws, which benefit from Google collecting IP numbers and tying them to specific searches.

And as if that wasn't enough, Fleischer says, Google as a global business has to comply with a patchwork of conflicting laws that span the globe. Complying with, say, a European law that mandates that personal information be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed" may seem like a simple thing. But try telling that to the US goon squad enforcing Sarbanes Oxley, which requires Google "retain business records sufficient to establish adequate financial and other controls".

Food for thought, perhaps, but Kevin Bankston, a staff attorney at the Electronic Frontier Foundation remains skeptical that forces beyond Google's control mandate the storing of personal data for such a long period. By comparison, he says, AOL anonymizes searches after 30 days. He also criticizes Google for not explaining exactly what laws it believes requires it to store information for as long as 18 months.

Says Bankston: "The burden is on Google to demonstrate why that is the case. Considering the much shorter retention periods of competitors like AOL, I don't think they've met that burden." ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.